mirror of
https://github.com/elyby/accounts.git
synced 2024-11-08 13:42:30 +05:30
Extract public key from private pem file at runtime
This commit is contained in:
parent
ca304261a3
commit
0a666e1e12
@ -9,8 +9,8 @@ EMAILS_RENDERER_HOST=http://emails-renderer:3000
|
|||||||
## Security params
|
## Security params
|
||||||
JWT_USER_SECRET=replace_me_for_production
|
JWT_USER_SECRET=replace_me_for_production
|
||||||
JWT_ENCRYPTION_KEY=thisisadummyvalue32latterslength
|
JWT_ENCRYPTION_KEY=thisisadummyvalue32latterslength
|
||||||
JWT_PRIVATE_PEM_LOCATION=
|
JWT_PRIVATE_KEY_PATH=
|
||||||
JWT_PUBLIC_PEM_LOCATION=
|
JWT_PRIVATE_KEY_PASS=
|
||||||
|
|
||||||
## External services
|
## External services
|
||||||
CHRLY_HOST=skinsystem.ely.by
|
CHRLY_HOST=skinsystem.ely.by
|
||||||
|
@ -8,8 +8,6 @@ use Lcobucci\JWT\Signer\Key;
|
|||||||
|
|
||||||
interface AlgorithmInterface {
|
interface AlgorithmInterface {
|
||||||
|
|
||||||
public function getAlgorithmId(): string;
|
|
||||||
|
|
||||||
public function getSigner(): Signer;
|
public function getSigner(): Signer;
|
||||||
|
|
||||||
public function getPrivateKey(): Key;
|
public function getPrivateKey(): Key;
|
||||||
|
@ -7,68 +7,45 @@ use Lcobucci\JWT\Signer;
|
|||||||
use Lcobucci\JWT\Signer\Ecdsa\Sha256;
|
use Lcobucci\JWT\Signer\Ecdsa\Sha256;
|
||||||
use Lcobucci\JWT\Signer\Key;
|
use Lcobucci\JWT\Signer\Key;
|
||||||
|
|
||||||
class ES256 implements AlgorithmInterface {
|
final class ES256 implements AlgorithmInterface {
|
||||||
|
|
||||||
/**
|
private string $privateKeyPath;
|
||||||
* @var string
|
|
||||||
*/
|
|
||||||
private $privateKey;
|
|
||||||
|
|
||||||
/**
|
private ?string $privateKeyPass;
|
||||||
* @var string|null
|
|
||||||
*/
|
|
||||||
private $privateKeyPass;
|
|
||||||
|
|
||||||
/**
|
private ?Key $privateKey = null;
|
||||||
* @var string
|
|
||||||
*/
|
|
||||||
private $publicKey;
|
|
||||||
|
|
||||||
/**
|
private ?Key $publicKey = null;
|
||||||
* @var Key|null
|
|
||||||
*/
|
|
||||||
private $loadedPrivateKey;
|
|
||||||
|
|
||||||
/**
|
private Sha256 $signer;
|
||||||
* @var Key|null
|
|
||||||
*/
|
|
||||||
private $loadedPublicKey;
|
|
||||||
|
|
||||||
/**
|
public function __construct(string $privateKeyPath, ?string $privateKeyPass = null) {
|
||||||
* TODO: document arguments
|
$this->privateKeyPath = $privateKeyPath;
|
||||||
*
|
|
||||||
* @param string $privateKey
|
|
||||||
* @param string|null $privateKeyPass
|
|
||||||
* @param string $publicKey
|
|
||||||
*/
|
|
||||||
public function __construct(string $privateKey, ?string $privateKeyPass, string $publicKey) {
|
|
||||||
$this->privateKey = $privateKey;
|
|
||||||
$this->privateKeyPass = $privateKeyPass;
|
$this->privateKeyPass = $privateKeyPass;
|
||||||
$this->publicKey = $publicKey;
|
$this->signer = new Sha256();
|
||||||
}
|
|
||||||
|
|
||||||
public function getAlgorithmId(): string {
|
|
||||||
return 'ES256';
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public function getSigner(): Signer {
|
public function getSigner(): Signer {
|
||||||
return new Sha256();
|
return $this->signer;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function getPrivateKey(): Key {
|
public function getPrivateKey(): Key {
|
||||||
if ($this->loadedPrivateKey === null) {
|
if ($this->privateKey === null) {
|
||||||
$this->loadedPrivateKey = new Key($this->privateKey, $this->privateKeyPass);
|
$this->privateKey = new Key($this->privateKeyPath, $this->privateKeyPass);
|
||||||
}
|
}
|
||||||
|
|
||||||
return $this->loadedPrivateKey;
|
return $this->privateKey;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function getPublicKey(): Key {
|
public function getPublicKey(): Key {
|
||||||
if ($this->loadedPublicKey === null) {
|
if ($this->publicKey === null) {
|
||||||
$this->loadedPublicKey = new Key($this->publicKey);
|
$privateKey = $this->getPrivateKey();
|
||||||
|
$privateKeyOpenSSL = openssl_pkey_get_private($privateKey->getContent(), $privateKey->getPassphrase() ?? '');
|
||||||
|
$publicPem = openssl_pkey_get_details($privateKeyOpenSSL)['key'];
|
||||||
|
$this->publicKey = new Key($publicPem);
|
||||||
}
|
}
|
||||||
|
|
||||||
return $this->loadedPublicKey;
|
return $this->publicKey;
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -23,10 +23,6 @@ class HS256 implements AlgorithmInterface {
|
|||||||
$this->key = $key;
|
$this->key = $key;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function getAlgorithmId(): string {
|
|
||||||
return 'HS256';
|
|
||||||
}
|
|
||||||
|
|
||||||
public function getSigner(): Signer {
|
public function getSigner(): Signer {
|
||||||
return new Sha256();
|
return new Sha256();
|
||||||
}
|
}
|
||||||
|
@ -6,21 +6,24 @@ namespace api\components\Tokens;
|
|||||||
use api\components\Tokens\Algorithms\AlgorithmInterface;
|
use api\components\Tokens\Algorithms\AlgorithmInterface;
|
||||||
use Webmozart\Assert\Assert;
|
use Webmozart\Assert\Assert;
|
||||||
|
|
||||||
class AlgorithmsManager {
|
final class AlgorithmsManager {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @var AlgorithmInterface[]
|
* @var AlgorithmInterface[]
|
||||||
*/
|
*/
|
||||||
private $algorithms = [];
|
private array $algorithms = [];
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param AlgorithmInterface[] $algorithms
|
||||||
|
*/
|
||||||
public function __construct(array $algorithms = []) {
|
public function __construct(array $algorithms = []) {
|
||||||
array_map([$this, 'add'], $algorithms);
|
array_map([$this, 'add'], $algorithms);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function add(AlgorithmInterface $algorithm): self {
|
public function add(AlgorithmInterface $algorithm): self {
|
||||||
$id = $algorithm->getAlgorithmId();
|
$id = $algorithm->getSigner()->getAlgorithmId();
|
||||||
Assert::keyNotExists($this->algorithms, $id, 'passed algorithm is already exists');
|
Assert::keyNotExists($this->algorithms, $id, 'passed algorithm is already exists');
|
||||||
$this->algorithms[$algorithm->getSigner()->getAlgorithmId()] = $algorithm;
|
$this->algorithms[$id] = $algorithm;
|
||||||
|
|
||||||
return $this;
|
return $this;
|
||||||
}
|
}
|
||||||
|
@ -25,11 +25,6 @@ class Component extends BaseComponent {
|
|||||||
*/
|
*/
|
||||||
public $hmacKey;
|
public $hmacKey;
|
||||||
|
|
||||||
/**
|
|
||||||
* @var string
|
|
||||||
*/
|
|
||||||
public $publicKeyPath;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @var string
|
* @var string
|
||||||
*/
|
*/
|
||||||
@ -45,16 +40,12 @@ class Component extends BaseComponent {
|
|||||||
*/
|
*/
|
||||||
public $encryptionKey;
|
public $encryptionKey;
|
||||||
|
|
||||||
/**
|
private ?AlgorithmsManager $algorithmManager = null;
|
||||||
* @var AlgorithmsManager|null
|
|
||||||
*/
|
|
||||||
private $algorithmManager;
|
|
||||||
|
|
||||||
public function init(): void {
|
public function init(): void {
|
||||||
parent::init();
|
parent::init();
|
||||||
Assert::notEmpty($this->hmacKey, 'hmacKey must be set');
|
Assert::notEmpty($this->hmacKey, 'hmacKey must be set');
|
||||||
Assert::notEmpty($this->privateKeyPath, 'privateKeyPath must be set');
|
Assert::notEmpty($this->privateKeyPath, 'privateKeyPath must be set');
|
||||||
Assert::notEmpty($this->publicKeyPath, 'publicKeyPath must be set');
|
|
||||||
Assert::notEmpty($this->encryptionKey, 'encryptionKey must be set');
|
Assert::notEmpty($this->encryptionKey, 'encryptionKey must be set');
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -131,11 +122,7 @@ class Component extends BaseComponent {
|
|||||||
if ($this->algorithmManager === null) {
|
if ($this->algorithmManager === null) {
|
||||||
$this->algorithmManager = new AlgorithmsManager([
|
$this->algorithmManager = new AlgorithmsManager([
|
||||||
new Algorithms\HS256($this->hmacKey),
|
new Algorithms\HS256($this->hmacKey),
|
||||||
new Algorithms\ES256(
|
new Algorithms\ES256("file://{$this->privateKeyPath}", $this->privateKeyPass),
|
||||||
"file://{$this->privateKeyPath}",
|
|
||||||
$this->privateKeyPass,
|
|
||||||
"file://{$this->publicKeyPath}"
|
|
||||||
),
|
|
||||||
]);
|
]);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -5,7 +5,6 @@ return [
|
|||||||
'hmacKey' => 'tests-secret-key',
|
'hmacKey' => 'tests-secret-key',
|
||||||
'privateKeyPath' => codecept_data_dir('certs/private.pem'),
|
'privateKeyPath' => codecept_data_dir('certs/private.pem'),
|
||||||
'privateKeyPass' => null,
|
'privateKeyPass' => null,
|
||||||
'publicKeyPath' => codecept_data_dir('certs/public.pem'),
|
|
||||||
'encryptionKey' => 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa',
|
'encryptionKey' => 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa',
|
||||||
],
|
],
|
||||||
'reCaptcha' => [
|
'reCaptcha' => [
|
||||||
|
@ -34,7 +34,6 @@ return [
|
|||||||
'hmacKey' => getenv('JWT_USER_SECRET'),
|
'hmacKey' => getenv('JWT_USER_SECRET'),
|
||||||
'privateKeyPath' => getenv('JWT_PRIVATE_KEY_PATH') ?: __DIR__ . '/../../data/certs/private.pem',
|
'privateKeyPath' => getenv('JWT_PRIVATE_KEY_PATH') ?: __DIR__ . '/../../data/certs/private.pem',
|
||||||
'privateKeyPass' => getenv('JWT_PRIVATE_KEY_PASS') ?: null,
|
'privateKeyPass' => getenv('JWT_PRIVATE_KEY_PASS') ?: null,
|
||||||
'publicKeyPath' => getenv('JWT_PUBLIC_KEY_PATH') ?: __DIR__ . '/../../data/certs/public.pem',
|
|
||||||
'encryptionKey' => getenv('JWT_ENCRYPTION_KEY'),
|
'encryptionKey' => getenv('JWT_ENCRYPTION_KEY'),
|
||||||
],
|
],
|
||||||
'tokensFactory' => [
|
'tokensFactory' => [
|
||||||
|
@ -1,4 +0,0 @@
|
|||||||
-----BEGIN PUBLIC KEY-----
|
|
||||||
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAES2Pyq9r0CyyviLaWwq0ki5uy8hr/
|
|
||||||
ZbNO++3j4XP43uLD9/GYkrKGIRl+Hu5HT+LwZvrFcEaVhPk5CvtV4zlYJg==
|
|
||||||
-----END PUBLIC KEY-----
|
|
@ -23,6 +23,7 @@
|
|||||||
"ext-json": "*",
|
"ext-json": "*",
|
||||||
"ext-libxml": "*",
|
"ext-libxml": "*",
|
||||||
"ext-mbstring": "*",
|
"ext-mbstring": "*",
|
||||||
|
"ext-openssl": "*",
|
||||||
"ext-pdo": "*",
|
"ext-pdo": "*",
|
||||||
"ext-simplexml": "*",
|
"ext-simplexml": "*",
|
||||||
"ext-sodium": "*",
|
"ext-sodium": "*",
|
||||||
|
3
composer.lock
generated
3
composer.lock
generated
@ -4,7 +4,7 @@
|
|||||||
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
|
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
|
||||||
"This file is @generated automatically"
|
"This file is @generated automatically"
|
||||||
],
|
],
|
||||||
"content-hash": "3885d09d6c24355b0c314fc3259d185b",
|
"content-hash": "b8103011e139d9bd760edc1e2505b75f",
|
||||||
"packages": [
|
"packages": [
|
||||||
{
|
{
|
||||||
"name": "bacon/bacon-qr-code",
|
"name": "bacon/bacon-qr-code",
|
||||||
@ -6999,6 +6999,7 @@
|
|||||||
"ext-json": "*",
|
"ext-json": "*",
|
||||||
"ext-libxml": "*",
|
"ext-libxml": "*",
|
||||||
"ext-mbstring": "*",
|
"ext-mbstring": "*",
|
||||||
|
"ext-openssl": "*",
|
||||||
"ext-pdo": "*",
|
"ext-pdo": "*",
|
||||||
"ext-simplexml": "*",
|
"ext-simplexml": "*",
|
||||||
"ext-sodium": "*"
|
"ext-sodium": "*"
|
||||||
|
@ -1,4 +0,0 @@
|
|||||||
-----BEGIN PUBLIC KEY-----
|
|
||||||
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEv6ENZA59mzFvoDKTX3BI3Nx6di+x
|
|
||||||
WnsOAo9+zx0hnMnfzdhOS930ocFTBcyZmmF7iM7nhGicfiDfJKIyV8w+BA==
|
|
||||||
-----END PUBLIC KEY-----
|
|
Loading…
Reference in New Issue
Block a user